General
-
Target
e3b559708ada89670580a50f06b3754281b3c3a155114a3401a73e4a94a888dd
-
Size
830KB
-
Sample
250117-de4lgazlew
-
MD5
70c13e58aac413904409f2e419064bf3
-
SHA1
6fc8c9b9acebb7a77dc20e498a835871df12b088
-
SHA256
e3b559708ada89670580a50f06b3754281b3c3a155114a3401a73e4a94a888dd
-
SHA512
26a1b75b9963f63bfa8013a5ae49dd016d13741d6226c03d04566c088d288cd3d158c1f96970b3643ff9bcfa62d245e4ae54be9d76029f080a5a23127b57a33a
-
SSDEEP
24576:aY7tC/D80olUcT7nT/L8bEffw3si8pnAS:aYpi80olUcT7T/LIE3wJ8pnAS
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT ADVICE.exe
Resource
win7-20241023-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.thelamalab.com
Port: 587
Username: [email protected]
Password: Thel@malab@20!9
Email To: [email protected]
Targets
-
Target
PAYMENT ADVICE.exe
-
Size
1.1MB
-
MD5
b6912ef99b7dc47b8f3c1ec436068255
-
SHA1
06c121cff62f9db6a9189ce9de1a3ba0c9dfeb75
-
SHA256
6a9414c298284cdbbfe72454eac3d9c3e35286dd461f5d621adb10db1d34d4b6
-
SHA512
0143558b1e4d2e12d2d609d6782acdf425ea6914926875a4f0508b64366da448870659d7fd8cd2dd61cba5ce4d5b975dce56557d36953d384d24ce2c9729c3d9
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC1V34bcVf8DSi6DJtR:7JZoQrbTFZY1iaC1V38cx8n6DJtR
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext